The MAILING DATE of this communication appears on the cover sheet with the correspondence address
Period for Reply 

A SHORTENED STATUTORY PERIOD FOR REPLY IS SET TO EXPIRE 3 MONTH(S) FROM 
THE MAILING DATE OF THIS COMMUNICATION. 

- Extensions of time may be available under the provisions of 37 CFR 1.136(a). In no event, however, may a reply be timely filed
after SIX (6) MONTHS from the mailing date of this communication. 
- Failure to reply within the set or extended period for reply will, by statute, cause the application to become ABANDONED (35 U.S.C. § 133).

- Any reply received by the Office later than three months after the mailing date of this communication, even if timely filed, may reduce any 
earned patent term adjustment. See 37 CFR 1.704(b). 

2a) [ ] This action is FINAL. 2b) [X] This action is non-final.

3) [ ] Since this application is in condition for allowance except for formal matters, prosecution as to the merits is
closed in accordance with the practice under Ex parte Quayle, 1935 C.D. 11, 453 O.G. 213.

Disposition of Claims

4) [X] Claim(s) 1-31 is/are pending in the application.
5) [ ] Claim(s) is/are allowed.
6) [X] Claim(s) 1-31 is/are rejected.
7) [ ] Claim(s) is/are objected to.
8) [ ] Claim(s) are subject to restriction and/or election requirement.

Application Papers 

9) [ ] The specification is objected to by the Examiner.
10) [X] The drawing(s) filed on 01/18/2000 is/are: a) [X] accepted or b) [ ] objected to by the Examiner.
11) [ ] The proposed drawing correction filed on is: a) [ ] approved b) [ ] disapproved by the Examiner.

If approved, corrected drawings are required in reply to this Office action.
application from the International Bureau (PCT Rule 17.2(a)).

DETAILED ACTION



Response to Arguments 

1. In response to communications filed on 1/30/2004, Applicant amends claim 1, the
following claims 1-31 are presented for examination. 

2. The amendments to the specifications, filed on 1/30/2004, have been considered. The 
objection to the drawings has been withdrawn. 

2.1. Applicant's arguments, see pages 9-13, filed on 1/30/2004, with respect to the rejection
of claims 14 and 23, under 35 USC 103 (a) have been fully considered and are persuasive. 
Shrader teaches a proxy, but does not explicitly teach a transparent proxy. However, Shrader 
teaches all other limitations of claim 14. Referring to claim 23, Callaghan teaches a proxy, but 
does not explicitly teach a transparent proxy. However, Callaghan teaches all other limitations 
of claim 23. Therefore, the rejection has been withdrawn. However, upon further consideration, 
a new ground of rejection is made in view of Cohen et al. in combination of the teachings above. 
A transparent proxy is known in the art and was made of record in the previous Office Action. 
Cohen et al. and Blum et al., both teach a transparent proxy and either one of the references 
would be an obvious combination to the proxy described by Callaghan and Shrader. Applicant 
amends claim 1 to recite a transparent proxy. Independent claims 1 and claim 27 are rejected for 
the same reasons described above. Regarding the dependent claims, the teaching of Callaghan 
and Shrader in combination with other references in the first Office Action still applies as far as
disclosing other limitations not challenged by Applicant. 

Claim Rejections - 35 USC § 112 

3. Claim 1 and the intervening claims are rejected under 35 U.S.C. 112, second 
paragraph, as being indefinite for failing to particularly point out and distinctly claim the subject 
matter which applicant regards as the invention. 

Claim 1 recites the limitation "the proxy" in the last four lines of the claim. There is
insufficient antecedent basis for this limitation in the claim. 

Claim Rejections - 35 USC §103 

4. The following is a quotation of 35 U.S.C. 103(a) which forms the basis for all
obviousness rejections set forth in this Office action: 

(a) A patent may not be obtained though the invention is not identically disclosed or 
described as set forth in section 102 of this title, if the differences between the subject matter 
sought to be patented and the prior art are such that the subject matter as a whole would have 
been obvious at the time the invention was made to a person having ordinary skill in the art to 
which said subject matter pertains. Patentability shall not be negatived by the manner in which 
the invention was made. 

4.1 Claims 1-4, 6-7, 9-17, and 20-31 are rejected under 35 U.S.C. 103(a) as being
unpatentable over US Patent 2002/0007317 to Callaghan et al. in view of US Patent 6,182,141
to Blum et al. and in view of US Patent 6,374,359 to Shrader et al.

4.2 As per claim 1, Callaghan et al. substantially teaches a method for brokering state
information exchanged between computers using at least one protocol above a transport layer, 
the method comprising the steps of receiving at a proxy a request from a client requesting a 
resource of an origin server (page 6, paragraph 86); redirecting the client request from the proxy 
to a policy module (page 6, paragraph 86); obtaining enforcement data provided by the policy 
module (page 6, paragraph 87); generating at the proxy a policy state token in response to the 
policy enforcement data (page 6, paragraph 87); and transmitting the policy state token from the 
proxy to the client (page 6, paragraph 87). Callaghan et al. does not explicitly state using a
transparent proxy. A transparent proxy is well known in the art. However, Blum et al. in an
analogous art teaches receiving at a proxy a request from a client requesting a resource of an 
origin server, for example (column 3, lines 42-60). Therefore, it would have been obvious to one 
of ordinary skilled in the art at the time the invention was made to modify the method of 
Callaghan et al. to receive a request at a transparent proxy in order for services to be transparent 
to the user and no additional code to support new or revised protocols is needed as taught by 
Blum et al. (see column 2, lines 12-21). This modification would have been obvious because
one skilled in the art would have been motivated by the suggestions provided by Blum et al. so
as to provide services to be transparent to the user and with no need of additional code to support 
new or revised protocols. 

Callaghan et al. does not explicitly state obtaining at the proxy policy enforcement data
from the policy module. However, Shrader et al. in an analogous art teaches redirecting the 
client request from the proxy to a policy module (column 4, lines 10-65); obtaining at the proxy 
policy (web server) enforcement data provided by the policy module and generating state token 
from the data (column 4, lines 10-65). Therefore, it would have been obvious to one of ordinary 
skilled in the art at the time the invention was made to modify the method of Callaghan et al. to 
obtain enforcement data at the proxy from the policy module to create and validate 
authentication cookies as taught by Shrader et al. This modification would have been obvious
because one skilled in the art would have been motivated by the suggestions provided by
Shrader et al. so as to validate the user to other server applications. 

As per claim 2, Callaghan et al. teaches further comprising the step of receiving at the
proxy a renewed request for the origin server resource, the renewed request containing the policy 
state token (page 6, paragraph 87). 

As per claim 3, Callaghan et al. teaches the method of claim 2, wherein the renewed 
request contains the policy state token in a cookie in a header sent from the client to the proxy 
(page 6, paragraph 87). 

As per claim 4, Callaghan et al. teaches the step of forwarding to the origin server a 
portion of the renewed request, the forwarded portion omitting the policy state token (see page 6, 
paragraphs 88-90). Callaghan et al. further teaches in other embodiments the step of stripping
off the state token (see page 4, paragraph 61 and page 5, paragraph 81). 

4.3 As per claim 6, Callaghan et al. teaches further comprising the steps at the proxy of
forwarding to the client at least a portion of a communication from the origin server, and
forwarding to the origin server at least a portion of a communication from the client (page 5,
paragraphs 81-82). 

4.4 As per claim 7, Callaghan et al. teaches the limitation of wherein HTTP is a protocol
used during at least one of the receiving and transmitting steps (page 6, paragraph 86). 

4.5 As per claim 10, Callaghan et al. substantially teaches the claimed method of claim 1 
and further teaches the use of application programming interface. Callaghan et al. does not 
explicitly teach the LDAP application. Shrader et al. in an analogous art teaches LDAP as a 
software to provide authentication information about the client (column 4, lines 14-26).
Therefore, it would have been obvious to one of ordinary skilled in the art at the time the 
invention was made to modify the method of Callaghan et al. to use LDAP to authenticate the
user as taught by Shrader et al. This modification would have been obvious because one
skilled in the art would have been motivated by the suggestions provided by Shrader et al. to
provide authentication in the communications between the client and the server. 

4.6 Claims 9 and 11 are similar to the rejected claim 10 except for utilizing Novell
Directory Services and SSL software respectively instead of LDAP. Shrader et al. uses LDAP 
only as an illustration but states that any other server administrative application can be 
implemented in the invention (column 4, lines 15-20 and lines 53-65). Therefore, claims 9 and 
11 are rejected on the same rationale as the rejected claim 10. These applications are known in 
the art as also present in applicant's references. 

4.7 As per claim 12, Callaghan et al. teaches the limitation of wherein the obtaining step
extracts policy enforcement data from a redirection address field (see page 6, paragraphs 86-87). 
The proxy obtains the enforcement data from a redirection field by the browser. In case of a 
policy module in a separate server, it is apparent to one of skilled in the art that the proxy will 
forward the redirection address field to the server. 

As per claim 13, Callaghan et al. teaches the limitation of wherein the transmitting step 
transmits the policy state token in a cookie in a header sent from the proxy to the client (page 6, 
paragraph 87). 

4.8 As per claim 14, Shrader et al. substantially teaches a transparent proxy server (see 
column 5) comprising: a memory configured at least in part by a transparent proxy process; a 
processor for running the transparent proxy process; at least one link for networked 
communication between the transparent proxy process, on the one hand, and a client computer 
and an origin server, on the other hand; To one with ordinary skilled in the art, the web server 
has a memory and a processor to run the proxy process and the network can have any number of
clients and servers with at least one with the policy module as disclosed by Shrader et al.; a
policy module identifier which identifies a policy module that grants or denies authorization of
proxy services. At step 56 (column 5, line 50) Shrader et al. discloses a step to check the
validation of the proxy services. Shrader et al. substantially teaches the limitations of the claim,
but does not explicitly teach a transparent proxy. However, Blum et al. in an analogous art
teaches a transparent proxy server having a transparent proxy server address, for example 
(column 3, lines 42-60). Therefore, it would have been obvious to one of ordinary skill in the art 
at the time the invention was made to modify the method of Shrader et al. to use a transparent
proxy as taught by Blum et al. (see column 2, lines 12-21). This modification would have been
obvious because one skilled in the art would have been motivated by the suggestions provided by
Blum et al. so as to provide services to be transparent to the user and with no need of additional
code to support new or revised protocols. 

As per claim 15, Shrader et al. teaches a proxy server in combination with the policy
module (column 5, lines 1-25). 

As per claim 16, Shrader et al. teaches the claimed method of claim 15, wherein the
policy module and the transparent proxy process are running on the same computer (column 5,
lines 1-25). 

As per claim 17, Shrader et al. the claimed method of claim 14, and further teaches that
the client computer is networked to a set of one or more servers. Therefore, the addition of
another client computer in the network is obvious to one skilled in the art.

4.9 Claim 20 adds another proxy with similar limitations as the rejected claim 14. Shrader 
et al. substantially teaches the claimed method of claim 14 in combination with at least one
additional transparent proxy server which also has a memory configured at least in part by a 
transparent proxy process, a processor for running the transparent proxy process, a link, and a 
policy module identifier. To one with ordinary skilled in the art, the network can comprise of 
any number of clients and servers as disclosed by Shrader et al. (column 5, lines 1-25).

As per claim 21, Shrader et al. substantially teaches the request from one proxy to
another. Shrader et al. further mentions that at least one supports the server application. It is
apparent to one skilled in the art that one can communicate with the other (column 5, lines 1-25). 

As per claim 22, Shrader et al. teaches that one computer can perform the handling
request in column 5. It is apparent to one skilled in the art that if two servers are combined the
handling request can still be performed by one. 

4.10 As per claim 23, Callaghan et al. substantially teaches a pair of state information
brokering signals embodied in a distributed computer system, the system containing a client, a
transparent proxy server having a transparent proxy server address, and a policy module having a
policy module address (see page 3, paragraphs 44-48). Callaghan et al. discloses in figure 1 a
computer system with terminals that meets the recitation of signals from the computer, the pair 
of signals comprising: a first signal including a redirection command which specifies the policy 
module address as a redirection target (see page 6, paragraphs 86-87); and a second signal 
including a redirection command which specifies the transparent proxy server address as a 
redirection target and also including policy enforcement data which grants or denies 
authorization for the client to use a service of the transparent proxy server (see page 6, 
paragraphs 86-87). Callaghan et al. further discloses the address for the policy module for the 
user to enter data and the address of the proxy on the POST request. Callaghan et al. discloses
the limitations of claim 23, but does not teach a transparent proxy. However, Blum et al. in an
analogous art teaches a transparent proxy server having a transparent proxy server address, for 
example (column 3, line 20 through column 4, line 8). Therefore, it would have been obvious to 
one of ordinary skilled in the art at the time the invention was made to modify the method of 
Callaghan et al. to use a transparent proxy in order for services to be transparent to the user and
no additional code to support new or revised protocols is needed as taught by Blum et al. (see
column 2, lines 12-21). This modification would have been obvious because one skilled in the
art would have been motivated by the suggestions provided by Blum et al. so as to provide
services to be transparent to the user and with no need of additional code to support new or 
revised protocols. 



4.11 As per claim 24, Callaghan et al. teaches the limitation of wherein the first signal
includes an identity broker address as the policy module address (see page 6, paragraphs 86-87). 

4.12 As per claim 25, Callaghan et al. teaches the limitation of wherein the first signal
includes a login server address as the policy module address (see page 6, paragraphs 86-87). 

4.13 As per claim 26, Callaghan et al. teaches the limitation of wherein the second signal
includes the policy enforcement data embedded in an address field with the transparent proxy
server address (see page 6, paragraphs 86-87). 

4.14 Claim 27 is similar to the rejected claim 1, except for incorporating the claimed method 
of claim 1 into a computer medium. Therefore, claim 27 is rejected on the same rationale as the 
rejection of claim 1.

4.15 As per claim 28, Callaghan et al. substantially teaches a policy enforcement data that 
grants authorization for the client to access resources (page 6, paragraph 87). Callaghan et al.
further teaches the step of generating at the transparent proxy a proxy cookie containing at least a
portion of the policy enforcement data, and transmitting the proxy cookie from the transparent
proxy to the client (page 6, paragraphs 86-87). Callaghan et al. does not explicitly grant 
authorization for the client through the transparent proxy, credentials are sent to the appropriate 
servers. However, Shrader et al. in an analogous art teaches the step of granting authorization
for the client through the transparent proxy (column 4, lines 10-65). Therefore, it would have
been obvious to one of ordinary skill in the art at the time the invention was made to modify the 
method of Callaghan et al. to grant authorization for the client through the transparent proxy as 
taught by Shrader et al. This modification would have been obvious because one skilled in the
art would have been motivated by the suggestions provided by Shrader et al. so as to control
authentication at the transparent proxy. 

4.16 As per claim 29, Callaghan et al. teaches the limitation of wherein the method further 
comprises the steps of accepting the proxy cookie at the transparent proxy with a renewed client 
request for the origin server resource, and forwarding the renewed client request to the origin 
server without the proxy cookie (see page 6, paragraphs 88-90). Callaghan et al. further teaches 
in other embodiments the step of stripping off the state token (see page 4, paragraph 61 and page 
5, paragraph 81). 

4.17 As per claim 30, Callaghan et al. teaches the limitation of wherein the method further
comprises the step of transparently forwarding the requested resource from the origin server to 
the client (see page 6, paragraphs 88-89). 

4.18 As per claim 31, Callaghan et al. teaches the limitation of substantially teaches the step 
of generating at the proxy a policy state token in response to the policy enforcement data (page 6, 
paragraph 87); transmitting the policy state token from the proxy to the client (page 6, paragraph 
87); receiving the proxy cookie from the client with a renewed client request for the origin server
resource (page 6, paragraph 87), and accepting the policy enforcement data (page 6, paragraphs
88-90). Callaghan et al. does not teach using another proxy to perform the tasks. To a person
skilled in the art it is apparent that another backup proxy will perform the same function. 
Shrader et al. in an analogous art teaches using multiple proxies that support LDAP (column 5,
lines 1-25). It is apparent that other servers are capable of doing the job when one server fails, so 
receiving the first proxy cookie at a second transparent proxy is not departing from the spirit and 
scope of the teaching of Shrader et al. Therefore, it would have been obvious to one of
ordinary skill in the art at the time the invention was made to modify the method of Callaghan et
al. to include additional proxies as taught by Shrader et al. This modification would have been
obvious because one skilled in the art would have been motivated by the suggestions provided by 
Shrader et al. so as to have a reliable network. 

5. Claim 5 is rejected under 35 U.S.C. 103(a) as being unpatentable over US Patent 
2002/0007317 to Callaghan et al. in view of US Patent 6,182,141 to Blum et al. US Patent
6,374,359 to Shrader et al. and further in view of US Patent 5,805,803 to Birrell et al.

As per claim 5, both references substantially teach further comprising the step of 
receiving at the proxy a reply from the origin server, the reply containing an origin state token 
(page 6, paragraphs 88-90). Callaghan et al. teaches subsequent communications with the user. 
Shrader et al. also teaches subsequent communications with the browser. Neither of the
references explicitly teaches a reply containing a cookie for use by the proxy in its subsequent 
communications with the origin server. Birrell et al. in an analogous art teaches subsequent 
requests between the proxy and the server (column 2, lines 52 et seq.). Therefore, it would have 
been obvious to one of ordinary skill in the art at the time the invention was made to modify the 
method as combined above to use the state token instead by the proxy in its subsequent 
communications with the server without additional work by the proxy as taught by Birrell et al.
This modification would have been obvious because one skilled in the art would have been
motivated by the suggestions provided by Birrell et al. so as to prevent additional work by the
proxy. 

6. Claim 8 is rejected under 35 U.S.C. 103(a) as being unpatentable over US Patent 
2002/0007317 to Callaghan et al. in view of US Patent 6,182,141 to Blum et al. in view of US
Patent 6,374,359 to Shrader et al., and further in view of US Patent 6,212,640 to Abdelnur et
al.

As per claim 8, both references substantially teach the claimed method of claim 1 and 
further teaches the use of protocol HTTP. Neither of the references explicitly teaches the 
protocol HTTPS. Abdelnur et al. in an analogous art teaches HTTPS as a secure protocol
(column 4, lines 14-26). Therefore, it would have been obvious to one of ordinary skill in the art 
at the time the invention was made to modify the method as combined above to add HTTPS 
during at least one of the receiving and transmitting steps to provide mean for automated 
encryption/decryption as taught by Abdelnur et al. This modification would have been
obvious because one skilled in the art would have been motivated by the suggestions provided by
Abdelnur et al. to provide more authentication in the communications between the client and
the server. 

7. Claims 18-19 are rejected under 35 U.S.C. 103(a) as being unpatentable over US Patent
2002/0007317 to Callaghan et al. in view of US Patent 6,182,141 to Blum et al. in view of US
Patent 6,374,359 to Shrader et al. and further in view of US Patent 6,401,125 to Makarios et
al.

7.1 As per claim 18, both references substantially teach the claimed transparent proxy server 
of claim 14. Callaghan et al. teaches the step of receiving a request from the client for a
resource of the origin server (page 6, paragraph 86), sending the client an authorization by the 
policy module for the client to use a transparent proxy service (page 6, paragraph 86), accepting 
the authorization from the client with a renewed client request for the origin server resource 
(page 6, paragraph 87). Callaghan et al. further teaches forwarding the renewed client request
with the credentials by stripping the cookie. Neither of the references explicitly teaches 
forwarding the renewed client request to the origin server without forwarding the authorization. 
However, Makarios et al. in an analogous art teaches forwarding the renewed client request to
the origin server without forwarding the authorization but with an indication to the origin server 
that the transparent proxy server is the source of the forwarded request, and then transparently 
forwarding the requested resource from the origin server to the client (see column 3, lines 1-10;
column 4, lines 30-67 and column 5, lines 44-64). Therefore, it would have been obvious to one
of ordinary skill in the art at the time the invention was made to modify the steps as combined 
above to forward the renewed client request without authentication as taught by Makarios et al.
This modification would have been obvious because one skilled in the art would have been 
motivated by the suggestions provided by Makarios et al. so as to maintain security and
authentication in the proxy. 

7.2 As per claim 19, Makarios et al. teaches the limitation of wherein the transparent proxy 
server sends the client the authorization by sending the client a proxy cookie for use in 
subsequent communications from the client (column 4, lines 55-67 and column 5, lines 25-50). 

Conclusion 

8. Any inquiry concerning this communication or earlier communications from the 
examiner should be directed to Carl Colin whose telephone number is 703-305-0355. The 
examiner can normally be reached on Monday through Thursday, 8:00-6:30 PM. 

If attempts to reach the examiner by telephone are unsuccessful, the examiner's 
supervisor, Ayaz Sheikh can be reached on 703-305-9648. The fax phone number for the 
organization where this application or proceeding is assigned is (703) 872-9306. 



Any inquiry of a general nature or relating to the status of this application or proceeding 
should be directed to the receptionist whose telephone number is 703-305-3900. 